coreutils: Setting Permissions
1
1 27.2.1 Setting Permissions
1 --------------------------
1
1 The basic symbolic operations on a file’s permissions are adding,
1 removing, and setting the permission that certain users have to read,
1 write, and execute or search the file. These operations have the
1 following format:
1
1 USERS OPERATION PERMISSIONS
1
1 The spaces between the three parts above are shown for readability only;
1 symbolic modes cannot contain spaces.
1
1 The USERS part tells which users’ access to the file is changed. It
1 consists of one or more of the following letters (or it can be empty;
1 ⇒Umask and Protection, for a description of what happens then).
1 When more than one of these letters is given, the order that they are in
1 does not matter.
1
1 ‘u’
1 the user who owns the file;
1 ‘g’
1 other users who are in the file’s group;
1 ‘o’
1 all other users;
1 ‘a’
1 all users; the same as ‘ugo’.
1
1 The OPERATION part tells how to change the affected users’ access to
1 the file, and is one of the following symbols:
1
1 ‘+’
1 to add the PERMISSIONS to whatever permissions the USERS already
1 have for the file;
1 ‘-’
1 to remove the PERMISSIONS from whatever permissions the USERS
1 already have for the file;
1 ‘=’
1 to make the PERMISSIONS the only permissions that the USERS have
1 for the file.
1
1 The PERMISSIONS part tells what kind of access to the file should be
1 changed; it is normally zero or more of the following letters. As with
1 the USERS part, the order does not matter when more than one letter is
1 given. Omitting the PERMISSIONS part is useful only with the ‘=’
1 operation, where it gives the specified USERS no access at all to the
1 file.
1
1 ‘r’
1 the permission the USERS have to read the file;
1 ‘w’
1 the permission the USERS have to write to the file;
1 ‘x’
1 the permission the USERS have to execute the file, or search it if
1 it is a directory.
1
1 For example, to give everyone permission to read and write a regular
1 file, but not to execute it, use:
1
1 a=rw
1
1 To remove write permission for all users other than the file’s owner,
1 use:
1
1 go-w
1
1 The above command does not affect the access that the owner of the file
1 has to it, nor does it affect whether other users can read or execute
1 the file.
1
1 To give everyone except a file’s owner no permission to do anything
1 with that file, use the mode below. Other users could still remove the
1 file, if they have write permission on the directory it is in.
1
1 go=
1
1 Another way to specify the same thing is:
1
1 og-rwx
1